[one-users] Help! with ebtables networking, for ONE 4.2 on openSUSE 12.3
Mark Biggers
mbiggers at ine.com
Wed Nov 13 12:08:57 PST 2013
The subject says it all. I am available on IRC -- see my signature, and Google chat.
I can get no "networking across a bridge" working, for the ONE "ebtables" model.
The platform is openSUSE 12.3 on a Thinkpad W530, plenty of memory & disk space. Here's the info. ** Thank you in advance. **
(An aside: I am quite concerned that I will *not* get the ONE Virtual Router going in the future, since docs on that seem very thin. And I need to be able to *drop* contextualization; some VMs we will be running can't be modified for that.)
Mark Biggers
INE, Inc.
Durham, NC
Internets: Freenode.net IRC: markb1, #trizpug #trilug #opennebula
.. Google chat: mbiggers.01 at gmail.com
================ Script started on Wed Nov 13 14:36:39 2013
root at sealion:.../one > netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br0
127.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 lo
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.122.0 192.168.1.250 255.255.255.0 UG 0 0 0 br0
root at sealion:.../one > ip addr ## EDITED
1: lo:
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
4: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
13: tun0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
link/ether 4a:2a:6d:26:0c:91 brd ff:ff:ff:ff:ff:ff
23: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff
inet 192.168.1.250/24 brd 192.168.1.255 scope global br0
27: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
link/ether fe:00:c0:a8:7a:02 brd ff:ff:ff:ff:ff:ff
29: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
link/ether fe:00:c0:a8:7a:03 brd ff:ff:ff:ff:ff:ff
root at sealion:.../one > brctl show
bridge name bridge id STP enabled interfaces
br0 8000.3c970eab0ade no eth0
vnet0
vnet1
root at sealion:.../one > ebtables -t nat -L
Bridge table: nat
Bridge chain: PREROUTING, entries: 2, policy: ACCEPT
-p IPv4 -i eth0 --ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2 --dnat-target ACCEPT
-p ARP -i eth0 --arp-ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2 --dnat-target ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
-o eth0 -j snat --to-src 3c:97:e:ab:a:de --snat-arp --snat-target ACCEPT
Bridge chain: libvirt-I-vnet0, entries: 0, policy: ACCEPT
Bridge chain: libvirt-O-vnet0, entries: 0, policy: ACCEPT
Bridge chain: I-vnet0-mac, entries: 0, policy: ACCEPT
Bridge chain: I-vnet0-ipv4-ip, entries: 0, policy: ACCEPT
Bridge chain: O-vnet0-ipv4, entries: 0, policy: ACCEPT
Bridge chain: I-vnet0-arp-mac, entries: 0, policy: ACCEPT
Bridge chain: I-vnet0-arp-ip, entries: 0, policy: ACCEPT
Bridge chain: I-vnet0-rarp, entries: 0, policy: ACCEPT
Bridge chain: O-vnet0-rarp, entries: 0, policy: ACCEPT
Bridge chain: libvirt-I-vnet1, entries: 0, policy: ACCEPT
Bridge chain: libvirt-O-vnet1, entries: 0, policy: ACCEPT
Bridge chain: I-vnet1-mac, entries: 0, policy: ACCEPT
Bridge chain: I-vnet1-ipv4-ip, entries: 0, policy: ACCEPT
Bridge chain: O-vnet1-ipv4, entries: 0, policy: ACCEPT
Bridge chain: I-vnet1-arp-mac, entries: 0, policy: ACCEPT
Bridge chain: I-vnet1-arp-ip, entries: 0, policy: ACCEPT
Bridge chain: I-vnet1-rarp, entries: 0, policy: ACCEPT
Bridge chain: O-vnet1-rarp, entries: 0, policy: ACCEPT
root at sealion.ine.corp:one # ebtables -t broute -L
Bridge table: broute
Bridge chain: BROUTING, entries: 0, policy: ACCEPT
root at sealion:.../one > ebtables -t filter -L
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 4, policy: ACCEPT
-s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet0 -j DROP
-s ! 2:0:c0:a8:7a:2 -i vnet0 -j DROP
-s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet1 -j DROP
-s ! 2:0:c0:a8:7a:3 -i vnet1 -j DROP
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
root at sealion:.../one > iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root at sealion:.../one > traceroute -nr 192.168.122.2
traceroute to 192.168.122.2 (192.168.122.2), 30 hops max, 40 byte packets using UDP
Unable to connect to 192.168.122.2: Network is unreachable
root at sealion:.../one > traceroute -nr 192.168.122.3
traceroute to 192.168.122.3 (192.168.122.3), 30 hops max, 40 byte packets using UDP
Unable to connect to 192.168.122.3: Network is unreachable
root at sealion:.../one > traceroute -nr 192.168.122.1
traceroute to 192.168.122.1 (192.168.122.1), 30 hops max, 40 byte packets using UDP
Unable to connect to 192.168.122.1: Network is unreachable
root at sealion:.../one > ping 192.168.122.1
PING 192.168.122.1 (192.168.122.1) 56(84) bytes of data.
64 bytes from 192.168.122.1: icmp_seq=1 ttl=64 time=0.372 ms
64 bytes from 192.168.122.1: icmp_seq=2 ttl=64 time=0.232 ms
^C
--- 192.168.122.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.232/0.302/0.372/0.070 ms
root at sealion:.../one > ping 192.168.122.2
PING 192.168.122.2 (192.168.122.2) 56(84) bytes of data.
^C
--- 192.168.122.2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
root at sealion:.../one > exit
exit
Script done on Wed Nov 13 14:41:06 2013
neadmin at sealion:~ > onevm show 27 >> netw-email.info
VIRTUAL MACHINE 27 INFORMATION
ID : 27
NAME : vyatta-router
USER : oneadmin
GROUP : oneadmin
STATE : ACTIVE
LCM_STATE : RUNNING
RESCHED : No
HOST : host01
START TIME : 11/13 11:02:20
END TIME : -
DEPLOY ID : one-27
VIRTUAL MACHINE MONITORING
USED MEMORY : 1024M
USED CPU : 0
NET_TX : 3K
NET_RX : 157K
PERMISSIONS
OWNER : um-
GROUP : ---
OTHER : ---
VM DISKS
ID TARGET IMAGE TYPE SAVE SAVE_AS
0 vda Vyatta Core 6.5R1 - kvm file NO -
VM NICS
ID NETWORK VLAN BRIDGE IP MAC
0 cloud yes br0 192.168.122.2 02:00:c0:a8:7a:02
fe80::400:c0ff:fea8:7a02
VIRTUAL MACHINE HISTORY
SEQ HOST ACTION REAS START TIME PROLOG
0 host01 none none 11/13 11:02:30 0d 03h43m 0h00m21s
VIRTUAL MACHINE TEMPLATE
CONTEXT=[
DISK_ID="1",
ETH0_DNS="192.168.1.1",
ETH0_GATEWAY="192.168.122.1",
ETH0_IP="192.168.122.2",
ETH0_MASK="255.255.255.0",
ETH0_NETWORK="192.168.122.0/24",
NETWORK="YES",
TARGET="vdb" ]
CPU="1"
GRAPHICS=[
LISTEN="0.0.0.0",
PORT="5927",
TYPE="VNC" ]
MEMORY="1024"
OS=[
ARCH="i686",
BOOT="hd" ]
TEMPLATE_ID="25"
VMID="27"
oneadmin at sealion:~ > onehost show 5 >> netw-email.info
HOST 5 INFORMATION
ID : 5
NAME : host01
CLUSTER : -
STATE : MONITORED
IM_MAD : kvm
VM_MAD : kvm
VN_MAD : ebtables
LAST MONITORING TIME : 11/13 14:47:30
HOST SHARES
TOTAL MEM : 31G
USED MEM (REAL) : 1.9G
USED MEM (ALLOCATED) : 1024M
TOTAL CPU : 800
USED CPU (REAL) : 112
USED CPU (ALLOCATED) : 100
RUNNING VMS : 1
MONITORING INFORMATION
ARCH="x86_64"
CPUSPEED="3000"
FREECPU="688.0"
FREEMEMORY="30515816"
HOSTNAME="sealion.ine.corp"
HYPERVISOR="kvm"
MODELNAME="Intel(R) Core(TM) i7-3940XM CPU @ 3.00GHz"
NETRX="0"
NETTX="0"
TOTALCPU="800"
TOTALMEMORY="32557228"
USEDCPU="112.0"
USEDMEMORY="2041412"
VIRTUAL MACHINES
ID USER GROUP NAME STAT UCPU UMEM HOST TIME
27 oneadmin oneadmin vyatta-router runn 0 1024M host01 0d 03h47
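
An added example, not part of the original post and not OpenNebula's own code: a small audit of the ebtables filter FORWARD chain shown above. It checks that each VM tap interface has a source-MAC rule matching its NIC and a network-isolation rule. It assumes vnet0 and vnet1 carry 192.168.122.2 and 192.168.122.3, and that the NIC MAC is the 02:00 prefix followed by the IPv4 address in hex, as the onevm output shows for VM 27; the function names are hypothetical.

```python
import re

# Constructed sample: FORWARD chain lines copied from the `ebtables -t filter -L` output above.
FORWARD_RULES = """\
-s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet0 -j DROP
-s ! 2:0:c0:a8:7a:2 -i vnet0 -j DROP
-s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet1 -j DROP
-s ! 2:0:c0:a8:7a:3 -i vnet1 -j DROP
"""

def norm_mac(mac):
    """ebtables prints octets without leading zeros; normalise to two-digit form."""
    return ":".join("%02x" % int(octet, 16) for octet in mac.split(":"))

def mac_for_ip(ip, prefix="02:00"):
    """Assumed scheme (seen in the onevm output): 2-byte prefix + IPv4 address in hex."""
    return norm_mac(prefix + ":" + ":".join("%x" % int(o) for o in ip.split(".")))

# "-s ! MAC[/MASK] -i|-o IFACE -j DROP" as printed by ebtables -L
RULE = re.compile(r"^-s ! ([0-9a-f:]+)(?:/([0-9a-f:]+))? -([io]) (\S+) -j DROP$")

def parse_rules(text):
    """Return {iface: {"in": mac, "out": (network_mac, mask)}} for the DROP rules."""
    table = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        mac, mask, direction, iface = m.groups()
        entry = table.setdefault(iface, {})
        if direction == "i":      # frames entering the bridge from the guest
            entry["in"] = norm_mac(mac)
        else:                     # frames leaving the bridge towards the guest
            entry["out"] = (norm_mac(mac), norm_mac(mask) if mask else None)
    return table

def audit(rules_text, nics):
    """nics maps iface -> guest IP. Returns findings; an empty list means all checks pass."""
    table, findings = parse_rules(rules_text), []
    for iface, ip in nics.items():
        want, entry = mac_for_ip(ip), table.get(iface, {})
        if "in" not in entry:
            findings.append(f"{iface}: no source-MAC rule")
        elif entry["in"] != want:
            findings.append(f"{iface}: pinned to {entry['in']}, expected {want}")
        if "out" not in entry:
            findings.append(f"{iface}: no network-isolation rule")
    return findings
```

For the rules in this post, `audit(FORWARD_RULES, {"vnet0": "192.168.122.2", "vnet1": "192.168.122.3"})` returns an empty list, so the layer-2 filter rules are consistent with the NIC table.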